Add BBCode detection and correct flag handling in the markup validator

phpunit.xml.dist

@@ -2,7 +2,7 @@
 <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/10.4/phpunit.xsd"
          colors="true"
-         testdox="false"
+         testdox="true"
          bootstrap="tests/bootstrap.php"
          cacheDirectory=".phpunit.cache">
   <coverage/>

src/Validator/Constraints/BannedMarkupValidator.php

@@ -29,8 +29,12 @@ public function validate(mixed $value, Constraint $constraint): void
         }
         $value = (string) $value;
 
-        if (preg_match('#<([a-z0-9]+).*</\1>#i', $value)) {
-            $this->context->buildViolation('html was found')->addViolation();
+        /* @todo Build correct translatable validations */
+        if ($constraint->html && preg_match('#<([a-z0-9]+).*</\1>#i', $value)) {
+            $this->context->buildViolation('HTML was detected')->addViolation();
+        }
+        if ($constraint->bbcode && preg_match('#\[([a-z]+).*\[/\1\]#i', $value)) {
+            $this->context->buildViolation('BBCode was detected')->addViolation();
         }
     }
 }

tests/Functional/IntegrationTest.php

@@ -187,7 +187,7 @@ public function testProfileTest1(): void
         $formData['basic_form[message]'] = 'Please visit my <a href="https://www.example.org">website</a> at https://example.org';
         $formData['basic_form[email_address]'] = '';
         $crawler = $client->submit($crawler->filter('form[name=basic_form]')->form(), $formData);
-        $this->expectFormErrors($crawler, fieldErrors: ['disallowed scripts', 'html was found']);
+        $this->expectFormErrors($crawler, fieldErrors: ['disallowed scripts', 'HTML was detected']);
     }
 
     public function testProfileTest2(): void

tests/Unit/Validator/BannedMarkupTest.php

@@ -83,15 +83,21 @@ public function testBannedMarkupValidation(string $message, string $expectedErro
     public static function provideBannedMarkupMessages(): array
     {
         return [
-            ['Please click our <a href="http://example.org">link</a> to buy products.', 'html'],
-            ['Please click our <a  href=http://example.org>link</a> to buy products.', 'html'],
-            ['Please click our <a malformed=true href=\'http://example.org\'>link</a> to buy products.', 'html'],
-            ['Please click <b>our</b> link to <i class="ms-word">buy</i> products.', 'html'],
-            ['Please click our <a href="http://example.org">link</a> to buy products.', 'html'],
-            ['<B>ANCIENT HTML USED ALL CAPS</B>', 'html'],
-            ['<i>ANCIENT HTML USED ALL CAPS (but not consistently)</I>', 'html'],
-            ['<i>buggy html should not fire</b>'],
-            ['Nor should a <a href="http://spam.me">broken link element that will not work anyway'],
+            ['Please click our <a href="http://example.org">link</a> to buy products.', 'HTML'],
+            ['Please click our <a  href=http://example.org>link</a> to buy products.', 'HTML'],
+            ['Please click our <a malformed=true href=\'http://example.org\'>link</a> to buy products.', 'HTML'],
+            ['Please click <b>our</b> link to <i class="ms-word">buy</i> products.', 'HTML'],
+            ['Please click our <a href="http://example.org">link</a> to buy products.', 'HTML'],
+            ['<B>ANCIENT HTML USED ALL CAPS</B>', 'HTML'],
+            ['<i>ANCIENT HTML USED ALL CAPS (but not consistently)</I>', 'HTML'],
+            ['<i>completely buggy html should not fire</b>'],
+
+            ['If you try to [b]BB yourself into bold shouting[/b] it should fail', 'BBCode'],
+            ['Even if you mismatch [b]cases[/B] between opening and closing', 'BBCode'],
+            ['The [url=https://example.org]BBCode links[/url] should definitely fail', 'BBCode'],
+            ['Nested [i]tags in [b]TAGS[/b] should [/i] fail', 'BBCode'],
+
+            ['A <a href="http://spam.me">broken link element that will not work anyway should not trigger on its own'],
             ['Or a text without any markup whatsoever'],
         ];
     }